From simon at josefsson.org Mon Mar 5 08:37:10 2007 From: simon at josefsson.org (Simon Josefsson) Date: Mon, 05 Mar 2007 08:37:10 +0100 Subject: [gnutls-dev] GnuTLS and Google Summer of Code 2007 Message-ID: <87irdgp2e1.fsf@latte.josefsson.org> Hi! GnuTLS will try to participate in the Google Summer of Code, see: http://www.gnu.org/software/soc-projects/guidelines.html http://code.google.com/soc/ Right now we are collecting ideas for projects, the ideas from 2006 are : 1. Datagram TLS support. RFC 4347 describe a UDP version of TLS. 2. Support for the elliptic curves ciphersuites as an alternative authentication method. comment: I think I saw some patches for libgcrypt about this quite recently, which could be a basis for this work. 3. Redesign and rewrite libtasn1 (asn.1 parser library). The new implementation must be efficient and easy to extend with new types and encoding rules (say BER and DER). 4. Write a crypto backend to perform (symmetric and assymetric de/encryption, hash and MAC, key generation, random number generation). It should be able to utilize libgcrypt and other free libraries, such as libtomcrypt, and should be extendable for hardware drivers. I can immediately add some ideas: 5. Work on integrating support for some of the newer TLS extensions, which can include better TLS 1.2 support. 6. Integrate the NIST X.509 self-tests and make sure we pass them. This could be an important step for FIPS certification of GnuTLS. 7. OpenPGP related improvements? I'd appreciate suggestions for other ideas that might attract good people. If you want to propose something and work on it as a student, let me know. /Simon From simon at josefsson.org Wed Mar 7 17:11:47 2007 From: simon at josefsson.org (Simon Josefsson) Date: Wed, 07 Mar 2007 17:11:47 +0100 Subject: [gnutls-dev] Libtasn1 0.3.9 Message-ID: <87abypnid8.fsf@mocca.josefsson.org> First release from GIT instead of CVS... released some days ago, but I forgot to send this announcement. Libtasn1 is a standalone library written in C for manipulating ASN.1 objects including DER/BER encoding and DER/BER decoding. Libtasn1 is used by GnuTLS to manipulate X.509 objects and by Shishi to handle Kerberos V5 packets. Version 0.3.9 (released 2007-03-02) - In generated code, config.h is pulled in if HAVE_CONFIG_H. - Development changes: changed from CVS to GIT as an experiment. I push my changes to . - Autoconf 2.61 and automake 1.10 is required. Commercial support contracts for Libtasn1 are available, and they help finance continued maintenance. Simon Josefsson Datakonsult, a Stockholm based privately held company, is currently funding Libtasn1 maintenance. We are always looking for interesting development projects. See http://josefsson.org/ for more details. If you need help to use Libtasn1, or want to help others, you are invited to join our help-gnutls mailing list, see: . Homepage: http://josefsson.org/libtasn1/ Manual in many formats: http://josefsson.org/gnutls/manual/libtasn1/ Here are the compressed sources (1.3MB): ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-0.3.9.tar.gz http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.3.9.tar.gz Here are GPG detached signatures using key 0xB565716F: ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-0.3.9.tar.gz.sig http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.3.9.tar.gz.sig The software is cryptographically signed by the author using an OpenPGP key identified by the following information: pub 1280R/B565716F 2002-05-05 [expires: 2008-06-30] Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F uid Simon Josefsson uid Simon Josefsson sub 1280R/4D5D40AE 2002-05-05 [expires: 2008-06-30] sub 1024R/09CC4670 2006-03-18 [expires: 2007-04-22] sub 1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22] sub 1024R/A14C401A 2006-03-18 [expires: 2007-04-22] The key is available from: http://josefsson.org/key.txt dns:b565716f.josefsson.org?TYPE=CERT Here are the SHA-1 and SHA-224 checksums: 952173c518c09438d6a0c975d173977cc651911e libtasn1-0.3.9.tar.gz cebc4146bb226a07f1ef71a99689ba464f8c0811 libtasn1-0.3.9.tar.gz.sig 77007a5050818567fa29aab3776519e0523f82c091bbb5910096a7ec libtasn1-0.3.9.tar.gz dcbdb5e27d6647c0b181b4bc560fdc9acd2542866d7a98c090f1f81d libtasn1-0.3.9.tar.gz.sig Enjoy, Fabio, Nikos and Simon -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 419 bytes Desc: not available URL: From fw at deneb.enyo.de Wed Mar 7 21:16:44 2007 From: fw at deneb.enyo.de (Florian Weimer) Date: Wed, 07 Mar 2007 21:16:44 +0100 Subject: [gnutls-dev] HAEDS UP: Moving away from CVS In-Reply-To: <20070228223303.GA12647@cryo.net.ru> (Pavlov Konstantin's message of "Thu, 1 Mar 2007 01:33:03 +0300") References: <87y7mpm4qw.fsf@latte.josefsson.org> <20070223151340.GI28905@basalt.office.altlinux.org> <87odngorvi.fsf@latte.josefsson.org> <87fy8rq5e2.fsf@latte.josefsson.org> <87y7mi840m.fsf@mid.deneb.enyo.de> <87tzx6rmd4.fsf@latte.josefsson.org> <20070228223303.GA12647@cryo.net.ru> Message-ID: <87k5xsx103.fsf@mid.deneb.enyo.de> * Pavlov Konstantin: >> Doesn't it work? > > Works fine here too. Yeah, I mistakenly used the HTTP transport or something like that. Sorry about that. From simon at josefsson.org Thu Mar 8 07:34:43 2007 From: simon at josefsson.org (Simon Josefsson) Date: Thu, 08 Mar 2007 07:34:43 +0100 Subject: [gnutls-dev] HAEDS UP: Moving away from CVS In-Reply-To: <87k5xsx103.fsf@mid.deneb.enyo.de> (Florian Weimer's message of "Wed\, 07 Mar 2007 21\:16\:44 +0100") References: <87y7mpm4qw.fsf@latte.josefsson.org> <20070223151340.GI28905@basalt.office.altlinux.org> <87odngorvi.fsf@latte.josefsson.org> <87fy8rq5e2.fsf@latte.josefsson.org> <87y7mi840m.fsf@mid.deneb.enyo.de> <87tzx6rmd4.fsf@latte.josefsson.org> <20070228223303.GA12647@cryo.net.ru> <87k5xsx103.fsf@mid.deneb.enyo.de> Message-ID: <87tzwwmef0.fsf@mocca.josefsson.org> Florian Weimer writes: > * Pavlov Konstantin: > >>> Doesn't it work? >> >> Works fine here too. > > Yeah, I mistakenly used the HTTP transport or something like that. > Sorry about that. I had problems with HTTP transport from repo.or.cz before too, but I tried now and it worked. /Simon jas at mocca:~/t$ man git-clone Reformatting git-clone(1), please wait... jas at mocca:~/t$ git-clone http://repo.or.cz/r/libtasn1.git Getting alternates list for http://repo.or.cz/r/libtasn1.git/ Getting pack list for http://repo.or.cz/r/libtasn1.git/ Getting index for pack 29f1dcfd9df23738922346de94d347b315184408 Getting pack 29f1dcfd9df23738922346de94d347b315184408 which contains a75e640ecb3f94533ad98969330ab5b21d0d12ef walk a75e640ecb3f94533ad98969330ab5b21d0d12ef walk f007a3074d2a8939a571cee14223ff267391d921 walk 2d9139c310ce00f7201d00353f8acf9ed26d8f70 walk d315c834d6d5a63bf11d590eab9aced69313a4a3 walk 880fae6f4850184fa63d9eef8499f9e08d2596b4 walk c286e04dd656e46b3f60c6f15993cf4556fb3de9 walk 0d25a2705b3588055519baef84853b8e45a647d8 walk e0b312d0af16841b99441f342a2aa3d28ce3423c walk bd2756ff64a7223918c6f84b23008813d2921028 ... walk 76fad3cfc11685653d976b4b0c465e11055902b9 walk 26f61f9e5c9794a01ae553b1c2e5e926095629c5 walk 312b5267bfb51508975b8032c316fa9e20686f2b walk 3d9221565c51fe3006546fb14e0738cbb011e24c walk 8d63452a0d10b9e618d27c2ab640fc3ce07a9822 walk 5c47f0f48124546a7e0054048befdbb4dafd0966 walk 879c56ba12c8787cb839f8a1b6fdc310c934c354 walk c379ce7b913aaaa136c3f3ac4542770068fc2ddc walk 7731d7e53a35fa016c570848354c2ebd44e67457 walk 8a077d936ad88fa600ad483b6da161770d83cf6c jas at mocca:~/t$ From deanna at sdf.lonestar.org Wed Mar 21 04:22:12 2007 From: deanna at sdf.lonestar.org (Deanna Phillips) Date: Wed, 21 Mar 2007 03:22:12 +0000 Subject: [gnutls-dev] size_t, int and 64 bit machines Message-ID: Hello, I noticed some size_t and int mixing that causes the set_pkcs12_cred test to fail on OpenBSD/sparc64. Here, sizeof int is 4, and sizeof size_t is 8. Several warnings such as this are produced: gnutls_x509.c:1897: warning: passing arg 2 of `read_binary_file' from incompatible pointer type The simple fix for that particular test was - typedef struct { unsigned char *data; - unsigned int size; + size_t size; } gnutls_datum_t; Here's a patch to use size_t consistently. This gets rid of all but a few of these compiler warnings. With this applied, all tests pass on sparc64, i386, amd64 and alpha. Also included here is a patch that allows the pcks1-padding test to run on systems that pad wc(1) output with spaces, and another to include netinet/in.h for struct sockaddr_in in the anonself test. Thanks for providing tests. :) diff -urp gnutls-1.6.1.orig/doc/examples/ex-crq.c gnutls-1.6.1/doc/examples/ex-crq.c --- gnutls-1.6.1.orig/doc/examples/ex-crq.c Fri Jun 16 11:35:46 2006 +++ gnutls-1.6.1/doc/examples/ex-crq.c Sun Mar 18 20:15:03 2007 @@ -19,7 +19,7 @@ main (void) gnutls_x509_crq_t crq; gnutls_x509_privkey_t key; unsigned char buffer[10 * 1024]; - int buffer_size = sizeof (buffer); + size_t buffer_size = sizeof (buffer); gnutls_global_init (); diff -urp gnutls-1.6.1.orig/doc/examples/ex-pkcs12.c gnutls-1.6.1/doc/examples/ex-pkcs12.c --- gnutls-1.6.1.orig/doc/examples/ex-pkcs12.c Fri Jun 16 11:35:46 2006 +++ gnutls-1.6.1/doc/examples/ex-pkcs12.c Sun Mar 18 20:15:03 2007 @@ -23,7 +23,7 @@ write_pkcs12 (const gnutls_datum_t * cer int ret, bag_index; gnutls_pkcs12_bag_t bag, key_bag; char pkcs12_struct[10 * 1024]; - int pkcs12_struct_size; + size_t pkcs12_struct_size; FILE *fd; /* A good idea might be to use gnutls_x509_privkey_get_key_id() diff -urp gnutls-1.6.1.orig/doc/examples/ex-rfc2818.c gnutls-1.6.1/doc/examples/ex-rfc2818.c --- gnutls-1.6.1.orig/doc/examples/ex-rfc2818.c Fri Jun 16 11:35:46 2006 +++ gnutls-1.6.1/doc/examples/ex-rfc2818.c Sun Mar 18 20:15:04 2007 @@ -14,7 +14,8 @@ verify_certificate (gnutls_session_t ses { unsigned int status; const gnutls_datum_t *cert_list; - int cert_list_size, ret; + int ret; + size_t cert_list_size; gnutls_x509_crt_t cert; diff -urp gnutls-1.6.1.orig/doc/examples/ex-x509-info.c gnutls-1.6.1/doc/examples/ex-x509-info.c --- gnutls-1.6.1.orig/doc/examples/ex-x509-info.c Wed Nov 15 09:51:19 2006 +++ gnutls-1.6.1/doc/examples/ex-x509-info.c Sun Mar 18 20:15:04 2007 @@ -40,7 +40,7 @@ print_x509_certificate_info (gnutls_sess unsigned int algo, bits; time_t expiration_time, activation_time; const gnutls_datum_t *cert_list; - unsigned int cert_list_size = 0; + size_t cert_list_size = 0; gnutls_x509_crt_t cert; /* This function only works for X.509 certificates. @@ -50,7 +50,7 @@ print_x509_certificate_info (gnutls_sess cert_list = gnutls_certificate_get_peers (session, &cert_list_size); - printf ("Peer provided %d certificates.\n", cert_list_size); + printf ("Peer provided %zu certificates.\n", cert_list_size); if (cert_list_size > 0) { diff -urp gnutls-1.6.1.orig/includes/gnutls/gnutls.h.in gnutls-1.6.1/includes/gnutls/gnutls.h.in --- gnutls-1.6.1.orig/includes/gnutls/gnutls.h.in Mon Nov 6 09:48:10 2006 +++ gnutls-1.6.1/includes/gnutls/gnutls.h.in Sun Mar 18 20:15:04 2007 @@ -308,7 +308,7 @@ extern "C" typedef struct { unsigned char *data; - unsigned int size; + size_t size; } gnutls_datum_t; @@ -981,7 +981,7 @@ extern "C" */ const gnutls_datum_t *gnutls_certificate_get_peers (gnutls_session_t session, - unsigned int + size_t *list_size); const gnutls_datum_t *gnutls_certificate_get_ours (gnutls_session_t session); diff -urp gnutls-1.6.1.orig/includes/gnutls/gnutlsxx.h gnutls-1.6.1/includes/gnutls/gnutlsxx.h --- gnutls-1.6.1.orig/includes/gnutls/gnutlsxx.h Mon Aug 7 08:40:23 2006 +++ gnutls-1.6.1/includes/gnutls/gnutlsxx.h Sun Mar 18 20:15:04 2007 @@ -177,7 +177,7 @@ class session void get_our_certificate(gnutls_datum & cert) const; bool get_peers_certificate(std::vector &out_certs) const; - bool get_peers_certificate(const gnutls_datum_t** certs, unsigned int *certs_size) const; + bool get_peers_certificate(const gnutls_datum_t** certs, size_t *certs_size) const; time_t get_peers_certificate_activation_time() const; time_t get_peers_certificate_expiration_time() const; diff -urp gnutls-1.6.1.orig/lib/gnutls_dh_primes.c gnutls-1.6.1/lib/gnutls_dh_primes.c --- gnutls-1.6.1.orig/lib/gnutls_dh_primes.c Wed Mar 8 05:44:59 2006 +++ gnutls-1.6.1/lib/gnutls_dh_primes.c Sun Mar 18 20:15:04 2007 @@ -416,8 +416,8 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh size_t * params_data_size) { ASN1_TYPE c2; - int result, _params_data_size; - size_t g_size, p_size; + int result; + size_t g_size, p_size, _params_data_size; opaque *p_data, *g_data; opaque *all_data; @@ -506,7 +506,7 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh { /* PEM */ opaque *tmp; opaque *out; - int len; + size_t len; len = 0; asn1_der_coding (c2, "", NULL, &len, NULL); diff -urp gnutls-1.6.1.orig/lib/gnutls_ui.c gnutls-1.6.1/lib/gnutls_ui.c --- gnutls-1.6.1.orig/lib/gnutls_ui.c Wed Mar 8 05:44:59 2006 +++ gnutls-1.6.1/lib/gnutls_ui.c Sun Mar 18 20:15:04 2007 @@ -472,7 +472,7 @@ gnutls_certificate_get_ours (gnutls_sess **/ const gnutls_datum_t * gnutls_certificate_get_peers (gnutls_session_t - session, unsigned int *list_size) + session, size_t *list_size) { cert_auth_info_t info; diff -urp gnutls-1.6.1.orig/lib/gnutlsxx.cpp gnutls-1.6.1/lib/gnutlsxx.cpp --- gnutls-1.6.1.orig/lib/gnutlsxx.cpp Thu Jun 1 15:49:01 2006 +++ gnutls-1.6.1/lib/gnutlsxx.cpp Sun Mar 18 20:15:04 2007 @@ -237,7 +237,7 @@ bool session::is_resumed() const bool session::get_peers_certificate(std::vector &out_certs) const { const gnutls_datum_t *certs; - unsigned int certs_size; + size_t certs_size; certs = gnutls_certificate_get_peers (this->s, &certs_size); @@ -249,7 +249,7 @@ bool session::get_peers_certificate(std: return true; } -bool session::get_peers_certificate(const gnutls_datum_t** certs, unsigned int *certs_size) const +bool session::get_peers_certificate(const gnutls_datum_t** certs, size_t *certs_size) const { *certs = gnutls_certificate_get_peers (this->s, certs_size); diff -urp gnutls-1.6.1.orig/lib/minitasn1/coding.c gnutls-1.6.1/lib/minitasn1/coding.c --- gnutls-1.6.1.orig/lib/minitasn1/coding.c Thu Oct 19 16:00:49 2006 +++ gnutls-1.6.1/lib/minitasn1/coding.c Sun Mar 18 20:15:04 2007 @@ -871,7 +871,7 @@ _asn1_ordering_set_of (unsigned char *de * **/ asn1_retCode -asn1_der_coding (ASN1_TYPE element, const char *name, void *ider, int *len, +asn1_der_coding (ASN1_TYPE element, const char *name, void *ider, size_t *len, char *ErrorDescription) { node_asn *node, *p, *p2; diff -urp gnutls-1.6.1.orig/lib/minitasn1/libtasn1.h gnutls-1.6.1/lib/minitasn1/libtasn1.h --- gnutls-1.6.1.orig/lib/minitasn1/libtasn1.h Thu Oct 19 16:00:51 2006 +++ gnutls-1.6.1/lib/minitasn1/libtasn1.h Sun Mar 18 20:15:04 2007 @@ -172,7 +172,7 @@ extern "C" int *num); asn1_retCode asn1_der_coding (ASN1_TYPE element, const char *name, - void *ider, int *len, char *ErrorDescription); + void *ider, size_t *len, char *ErrorDescription); asn1_retCode asn1_der_decoding (ASN1_TYPE * element, const void *ider, int len, char *errorDescription); diff -urp gnutls-1.6.1.orig/lib/minitasn1/structure.c gnutls-1.6.1/lib/minitasn1/structure.c --- gnutls-1.6.1.orig/lib/minitasn1/structure.c Thu Oct 19 16:00:49 2006 +++ gnutls-1.6.1/lib/minitasn1/structure.c Sun Mar 18 20:15:04 2007 @@ -1184,7 +1184,7 @@ asn1_copy_node (ASN1_TYPE dst, const cha int result; ASN1_TYPE dst_node; void *data = NULL; - int size = 0; + size_t size = 0; result = asn1_der_coding (src, src_name, NULL, &size, NULL); if (result != ASN1_MEM_ERROR) diff -urp gnutls-1.6.1.orig/lib/x509/common.c gnutls-1.6.1/lib/x509/common.c --- gnutls-1.6.1.orig/lib/x509/common.c Wed Dec 27 13:31:35 2006 +++ gnutls-1.6.1/lib/x509/common.c Sun Mar 18 20:15:04 2007 @@ -709,7 +709,8 @@ _gnutls_x509_export_int (ASN1_TYPE asn1_ int tmp_buf_size, unsigned char *output_data, size_t * output_data_size) { - int result, len; + int result; + size_t len; if (tmp_buf_size == 0) tmp_buf_size = 16 * 1024; @@ -933,8 +934,9 @@ int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, gnutls_datum_t * res, int str) { - int size, result; - int asize; + int result; + size_t size, asize; + opaque *data = NULL; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; diff -urp gnutls-1.6.1.orig/lib/x509/privkey_pkcs8.c gnutls-1.6.1/lib/x509/privkey_pkcs8.c --- gnutls-1.6.1.orig/lib/x509/privkey_pkcs8.c Wed Mar 8 05:44:59 2006 +++ gnutls-1.6.1/lib/x509/privkey_pkcs8.c Sun Mar 18 20:15:04 2007 @@ -136,8 +136,8 @@ static int encode_to_private_key_info (gnutls_x509_privkey_t pkey, gnutls_datum_t * der, ASN1_TYPE * pkey_info) { - int result, len; - size_t size; + int result; + size_t size, len; opaque *data = NULL; opaque null = 0; diff -urp gnutls-1.6.1.orig/lib/x509/sign.c gnutls-1.6.1/lib/x509/sign.c --- gnutls-1.6.1.orig/lib/x509/sign.c Wed Mar 8 11:26:54 2006 +++ gnutls-1.6.1/lib/x509/sign.c Sun Mar 18 20:15:04 2007 @@ -259,7 +259,7 @@ _gnutls_x509_sign_tbs (ASN1_TYPE cert, c { int result; opaque *buf; - int buf_size; + size_t buf_size; gnutls_datum_t tbs; buf_size = 0; diff -urp gnutls-1.6.1.orig/lib/x509/x509.c gnutls-1.6.1/lib/x509/x509.c --- gnutls-1.6.1.orig/lib/x509/x509.c Sun Sep 24 04:19:48 2006 +++ gnutls-1.6.1/lib/x509/x509.c Sun Mar 18 20:15:04 2007 @@ -1324,7 +1324,7 @@ gnutls_x509_crt_get_fingerprint (gnutls_ void *buf, size_t * sizeof_buf) { opaque *cert_buf; - int cert_buf_size; + size_t cert_buf_size; int result; gnutls_datum_t tmp; diff -urp gnutls-1.6.1.orig/libextra/gnutls_openssl.c gnutls-1.6.1/libextra/gnutls_openssl.c --- gnutls-1.6.1.orig/libextra/gnutls_openssl.c Sun Aug 13 16:34:09 2006 +++ gnutls-1.6.1/libextra/gnutls_openssl.c Sun Mar 18 20:15:04 2007 @@ -340,7 +340,7 @@ const X509 * SSL_get_peer_certificate (SSL * ssl) { const gnutls_datum_t *cert_list; - int cert_list_size = 0; + size_t cert_list_size = 0; cert_list = gnutls_certificate_get_peers (ssl->gnutls_state, &cert_list_size); @@ -354,7 +354,7 @@ int SSL_connect (SSL * ssl) { X509_STORE_CTX *store; - int cert_list_size = 0; + size_t cert_list_size = 0; int err; int i, j; int x_priority[GNUTLS_MAX_ALGORITHM_NUM]; @@ -409,7 +409,7 @@ int SSL_accept (SSL * ssl) { X509_STORE_CTX *store; - int cert_list_size = 0; + size_t cert_list_size = 0; int err; int i, j; int x_priority[GNUTLS_MAX_ALGORITHM_NUM]; diff -urp gnutls-1.6.1.orig/libextra/openssl_compat.c gnutls-1.6.1/libextra/openssl_compat.c --- gnutls-1.6.1.orig/libextra/openssl_compat.c Wed Mar 8 05:44:59 2006 +++ gnutls-1.6.1/libextra/openssl_compat.c Sun Mar 18 20:15:04 2007 @@ -531,7 +531,7 @@ gnutls_x509_extract_certificate_pk_algor -*/ int gnutls_x509_extract_certificate_dn_string (char *buf, - unsigned int sizeof_buf, + size_t sizeof_buf, const gnutls_datum_t * cert, int issuer) { diff -urp gnutls-1.6.1.orig/libextra/openssl_compat.h gnutls-1.6.1/libextra/openssl_compat.h --- gnutls-1.6.1.orig/libextra/openssl_compat.h Wed Mar 8 05:44:59 2006 +++ gnutls-1.6.1/libextra/openssl_compat.h Sun Mar 18 20:15:04 2007 @@ -34,7 +34,7 @@ int gnutls_x509_extract_dn_string (const int gnutls_x509_extract_certificate_dn (const gnutls_datum_t *, gnutls_x509_dn *); int gnutls_x509_extract_certificate_dn_string (char *buf, - unsigned int sizeof_buf, + size_t sizeof_buf, const gnutls_datum_t * cert, int issuer); int gnutls_x509_extract_certificate_issuer_dn (const gnutls_datum_t *, diff -urp gnutls-1.6.1.orig/src/common.c gnutls-1.6.1/src/common.c --- gnutls-1.6.1.orig/src/common.c Wed Jul 5 17:32:53 2006 +++ gnutls-1.6.1/src/common.c Sun Mar 18 20:15:04 2007 @@ -111,7 +111,7 @@ print_x509_info (gnutls_session session, return; } - printf (" - Got a certificate list of %d certificates.\n\n", + printf (" - Got a certificate list of %zu certificates.\n\n", cert_list_size); for (j = 0; j < (unsigned int) cert_list_size; j++) @@ -244,10 +244,10 @@ print_x509_info (gnutls_session session, if (ret >= 0) { print = SU (raw_to_string (e.data, e.size)); - printf (" # e [%d bits]: %s\n", e.size * 8, print); + printf (" # e [%zu bits]: %s\n", e.size * 8, print); print = SU (raw_to_string (m.data, m.size)); - printf (" # m [%d bits]: %s\n", m.size * 8, print); + printf (" # m [%zu bits]: %s\n", m.size * 8, print); gnutls_free (e.data); gnutls_free (m.data); @@ -261,16 +261,16 @@ print_x509_info (gnutls_session session, if (ret >= 0) { print = SU (raw_to_string (p.data, p.size)); - printf (" # p [%d bits]: %s\n", p.size * 8, print); + printf (" # p [%zu bits]: %s\n", p.size * 8, print); print = SU (raw_to_string (q.data, q.size)); - printf (" # q [%d bits]: %s\n", q.size * 8, print); + printf (" # q [%zu bits]: %s\n", q.size * 8, print); print = SU (raw_to_string (g.data, g.size)); - printf (" # g [%d bits]: %s\n", g.size * 8, print); + printf (" # g [%zu bits]: %s\n", g.size * 8, print); print = SU (raw_to_string (y.data, y.size)); - printf (" # y [%d bits]: %s\n", y.size * 8, print); + printf (" # y [%zu bits]: %s\n", y.size * 8, print); gnutls_free (p.data); gnutls_free (q.data); @@ -315,7 +315,7 @@ print_openpgp_info (gnutls_session sessi size_t name_len = sizeof (name); gnutls_openpgp_key crt; const gnutls_datum *cert_list; - int cert_list_size = 0; + size_t cert_list_size = 0; time_t expiret; time_t activet; diff -urp gnutls-1.6.1.orig/src/crypt.c gnutls-1.6.1/src/crypt.c --- gnutls-1.6.1.orig/src/crypt.c Sun Aug 6 11:25:50 2006 +++ gnutls-1.6.1/src/crypt.c Sun Mar 18 20:15:04 2007 @@ -144,7 +144,7 @@ generate_create_conf (char *tpasswd_conf g = gnutls_srp_2048_group_generator; } - printf ("\nGroup %d, of %d bits:\n", index, n.size * 8); + printf ("\nGroup %d, of %zu bits:\n", index, n.size * 8); print_num ("Generator", &g); print_num ("Prime", &n); @@ -187,7 +187,7 @@ _verify_passwd_int (const char *username { char _salt[1024]; gnutls_datum tmp, raw_salt, new_verifier; - int salt_size; + size_t salt_size; char *pos; if (salt == NULL || verifier == NULL) diff -urp gnutls-1.6.1.orig/src/prime.c gnutls-1.6.1/src/prime.c --- gnutls-1.6.1.orig/src/prime.c Fri May 12 08:02:35 2006 +++ gnutls-1.6.1/src/prime.c Sun Mar 18 20:15:04 2007 @@ -107,7 +107,7 @@ generate_prime (int bits, int how) { fprintf (outfile, "/* generator */\n"); - fprintf (outfile, "\nconst uint8 g[%d] = { ", g.size); + fprintf (outfile, "\nconst uint8 g[%zu] = { ", g.size); for (i = 0; i < g.size; i++) { @@ -141,8 +141,8 @@ generate_prime (int bits, int how) if (cparams) { - fprintf (outfile, "/* prime - %d bits */\n", p.size * 8); - fprintf (outfile, "\nconst uint8 prime[%d] = { ", p.size); + fprintf (outfile, "/* prime - %zu bits */\n", p.size * 8); + fprintf (outfile, "\nconst uint8 prime[%zu] = { ", p.size); for (i = 0; i < p.size; i++) { diff -urp gnutls-1.6.1.orig/src/tests.c gnutls-1.6.1/src/tests.c --- gnutls-1.6.1.orig/src/tests.c Thu Sep 21 07:27:59 2006 +++ gnutls-1.6.1/src/tests.c Sun Mar 18 20:15:04 2007 @@ -50,7 +50,7 @@ int tls1_1_ok = 0; /* keep session info */ static char *session_data = NULL; static char session_id[32]; -static int session_data_size = 0, session_id_size = 0; +static size_t session_data_size = 0, session_id_size = 0; static int sfree = 0; static int handshake_output = 0; @@ -368,11 +368,11 @@ test_export_info (gnutls_session session print = raw_to_string (exp2.data, exp2.size); if (print) - printf (" Exponent [%d bits]: %s\n", exp2.size * 8, print); + printf (" Exponent [%zu bits]: %s\n", exp2.size * 8, print); print = raw_to_string (mod2.data, mod2.size); if (print) - printf (" Modulus [%d bits]: %s\n", mod2.size * 8, print); + printf (" Modulus [%zu bits]: %s\n", mod2.size * 8, print); if (mod2.size != mod.size || exp2.size != exp.size || memcmp (mod2.data, mod.data, mod.size) != 0 || @@ -439,16 +439,16 @@ test_dhe_group (gnutls_session session) print = raw_to_string (gen.data, gen.size); if (print) - printf (" Generator [%d bits]: %s\n", gen.size * 8, print); + printf (" Generator [%zu bits]: %s\n", gen.size * 8, print); print = raw_to_string (prime.data, prime.size); if (print) - printf (" Prime [%d bits]: %s\n", prime.size * 8, print); + printf (" Prime [%zu bits]: %s\n", prime.size * 8, print); gnutls_dh_get_pubkey (session, &pubkey2); print = raw_to_string (pubkey2.data, pubkey2.size); if (print) - printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print); + printf (" Pubkey [%zu bits]: %s\n", pubkey2.size * 8, print); if (pubkey2.data && pubkey2.size == pubkey.size && memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0) @@ -999,7 +999,7 @@ test_session_resume2 (gnutls_session ses { int ret; char tmp_session_id[32]; - int tmp_session_id_size; + size_t tmp_session_id_size; if (session == NULL) return TEST_IGNORE; diff -urp gnutls-1.6.1.orig/tests/anonself.c gnutls-1.6.1/tests/anonself.c --- gnutls-1.6.1.orig/tests/anonself.c Fri Jun 16 11:35:47 2006 +++ gnutls-1.6.1/tests/anonself.c Sun Mar 18 20:15:04 2007 @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include diff -urp gnutls-1.6.1.orig/tests/pkcs1-padding/pkcs1-pad gnutls-1.6.1/tests/pkcs1-padding/pkcs1-pad --- gnutls-1.6.1.orig/tests/pkcs1-padding/pkcs1-pad Tue Oct 24 07:14:07 2006 +++ gnutls-1.6.1/tests/pkcs1-padding/pkcs1-pad Sun Mar 18 20:15:04 2007 @@ -30,10 +30,10 @@ EXPECT1=2101 $CERTTOOL --verify-chain --infile $srcdir/pkcs1-pad-ok.pem | tee out1 $CERTTOOL --verify-chain --infile $srcdir/pkcs1-pad-broken.pem | tee out2 -out1oks=`grep 'Verified.' out1 | wc -l` -out2oks=`grep 'Verified.' out2 | wc -l` -out1fails=`grep 'Not verified.' out1 | wc -l` -out2fails=`grep 'Not verified.' out2 | wc -l` +out1oks=`grep 'Verified.' out1 | wc -l | tr -d " "` +out2oks=`grep 'Verified.' out2 | wc -l | tr -d " "` +out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "` +out2fails=`grep 'Not verified.' out2 | wc -l | tr -d " "` rm -f out1 out2 @@ -54,10 +54,10 @@ EXPECT2=1001 $CERTTOOL --verify-chain --infile $srcdir/pkcs1-pad-ok2.pem | tee out1 $CERTTOOL --verify-chain --infile $srcdir/pkcs1-pad-broken2.pem | tee out2 -out1oks=`grep 'Verified.' out1 | wc -l` -out2oks=`grep 'Verified.' out2 | wc -l` -out1fails=`grep 'Not verified.' out1 | wc -l` -out2fails=`grep 'Not verified.' out2 | wc -l` +out1oks=`grep 'Verified.' out1 | wc -l | tr -d " "` +out2oks=`grep 'Verified.' out2 | wc -l | tr -d " "` +out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "` +out2fails=`grep 'Not verified.' out2 | wc -l | tr -d " "` rm -f out1 out2 @@ -78,8 +78,8 @@ EXPECT3=11 $CERTTOOL --verify-chain --infile $srcdir/pkcs1-pad-broken3.pem | tee out1 -out1oks=`grep 'Verified.' out1 | wc -l` -out1fails=`grep 'Not verified.' out1 | wc -l` +out1oks=`grep 'Verified.' out1 | wc -l | tr -d " "` +out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "` rm -f out1 From wk at gnupg.org Wed Mar 21 09:18:43 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 21 Mar 2007 09:18:43 +0100 Subject: [gnutls-dev] size_t, int and 64 bit machines In-Reply-To: (Deanna Phillips's message of "Wed\, 21 Mar 2007 03\:22\:12 +0000") References: Message-ID: <87d533vwkc.fsf@wheatstone.g10code.de> On Wed, 21 Mar 2007 04:22, deanna at sdf.lonestar.org said: > - printf ("Peer provided %d certificates.\n", cert_list_size); > + printf ("Peer provided %zu certificates.\n", cert_list_size); Are you sure that all C89 systems can cope with the "z" modifier? There should be a configure test to at least warn about it. Shalom-Salam, Werner From simon at josefsson.org Wed Mar 21 14:41:27 2007 From: simon at josefsson.org (Simon Josefsson) Date: Wed, 21 Mar 2007 14:41:27 +0100 Subject: [gnutls-dev] size_t, int and 64 bit machines In-Reply-To: <87d533vwkc.fsf@wheatstone.g10code.de> (Werner Koch's message of "Wed\, 21 Mar 2007 09\:18\:43 +0100") References: <87d533vwkc.fsf@wheatstone.g10code.de> Message-ID: <87aby6r9x4.fsf@mocca.josefsson.org> Werner Koch writes: > On Wed, 21 Mar 2007 04:22, deanna at sdf.lonestar.org said: > >> - printf ("Peer provided %d certificates.\n", cert_list_size); >> + printf ("Peer provided %zu certificates.\n", cert_list_size); > > Are you sure that all C89 systems can cope with the "z" modifier? > There should be a configure test to at least warn about it. I think that patch is wrong, the GnuTLS API here usees 'unsigned int' and not size_t. Anyway, gnulib provides a better printf, although I wouldn't want us to require it for the examples. We don't require that all users use gnulib... /Simon From simon at josefsson.org Wed Mar 21 14:42:57 2007 From: simon at josefsson.org (Simon Josefsson) Date: Wed, 21 Mar 2007 14:42:57 +0100 Subject: [gnutls-dev] size_t, int and 64 bit machines In-Reply-To: (Deanna Phillips's message of "Wed\, 21 Mar 2007 03\:22\:12 +0000") References: Message-ID: <878xdqr9um.fsf@mocca.josefsson.org> Deanna Phillips writes: > Hello, > > I noticed some size_t and int mixing that causes the > set_pkcs12_cred test to fail on OpenBSD/sparc64. Hi! Thanks for the report. > Here, sizeof int is 4, and sizeof size_t is 8. Several warnings > such as this are produced: > > gnutls_x509.c:1897: warning: passing arg 2 of `read_binary_file' from incompatible pointer type > > The simple fix for that particular test was - > > typedef struct > { > unsigned char *data; > - unsigned int size; > + size_t size; > } gnutls_datum_t; I am aware of this one, but the problem is: it is part of gnutls.h and thus part of the external API. This is really problematic to change, since it won't be backwards compatible. However, can we get away by considering that GnuTLS doesn't work at all on platforms with 8-byte size_t and just make the change? We have already some supported 64-bit platforms, e.g. amd64 and ia64, but do they have 8-byte size_t? I doubt this is a reasonable way forward... Another alternative is to create a new type 'gnutls_buffer_t' with the proper types, and create new APIs for all existing APIs that use the type. Which is rather difficult. A further alternative is to combine the last solution with library versioning, to avoid renaming functions, although this is not very portable as far as I know (?). > Also included here is a patch that allows the pcks1-padding test > to run on systems that pad wc(1) output with spaces, and another > to include netinet/in.h for struct sockaddr_in in the anonself > test. I have installed this. Thanks, Simon From deanna at sdf.lonestar.org Wed Mar 21 16:57:25 2007 From: deanna at sdf.lonestar.org (Deanna Phillips) Date: Wed, 21 Mar 2007 15:57:25 +0000 Subject: [gnutls-dev] size_t, int and 64 bit machines References: <878xdqr9um.fsf@mocca.josefsson.org> Message-ID: Simon Josefsson writes: >> typedef struct >> { >> unsigned char *data; >> - unsigned int size; >> + size_t size; >> } gnutls_datum_t; > > I am aware of this one, but the problem is: it is part of gnutls.h and > thus part of the external API. This is really problematic to change, > since it won't be backwards compatible. Oops. That changes everything, doesn't it. :-) > However, can we get away by considering that GnuTLS doesn't > work at all on platforms with 8-byte size_t and just make the > change? We have already some supported 64-bit platforms, > e.g. amd64 and ia64, but do they have 8-byte size_t? I doubt > this is a reasonable way forward... On OpenBSD, all 64-bit hardware platforms have an 8-byte size_t. I just checked NetBSD/alpha, and it's the same there. I don't know about Linux or any other systems. Now, the testsuite does pass on two of those, OpenBSD/amd64 and OpenBSD/alpha, but fails on OpenBSD/sparc64. If supported means compiles and runs, then I guess things are ok. Often, when some error like this is found on OpenBSD, it's because one of the memory protection features caught it. Since sparc64 is the only 64-bit platform that actually produced incorrect results, I'm thinking about what's unique there: 1) strict alignment and 2) StackGhost. It's a bit over my head to say for sure, but I'd be happy to perform any tests you might want to try. From simon at josefsson.org Wed Mar 21 17:54:33 2007 From: simon at josefsson.org (Simon Josefsson) Date: Wed, 21 Mar 2007 17:54:33 +0100 Subject: [gnutls-dev] size_t, int and 64 bit machines In-Reply-To: (Deanna Phillips's message of "Wed\, 21 Mar 2007 15\:57\:25 +0000") References: <878xdqr9um.fsf@mocca.josefsson.org> Message-ID: <87648upmeu.fsf@mocca.josefsson.org> Deanna Phillips writes: > Simon Josefsson writes: > >>> typedef struct >>> { >>> unsigned char *data; >>> - unsigned int size; >>> + size_t size; >>> } gnutls_datum_t; >> >> I am aware of this one, but the problem is: it is part of gnutls.h and >> thus part of the external API. This is really problematic to change, >> since it won't be backwards compatible. > > Oops. That changes everything, doesn't it. :-) Alas, yes. >> However, can we get away by considering that GnuTLS doesn't >> work at all on platforms with 8-byte size_t and just make the >> change? We have already some supported 64-bit platforms, >> e.g. amd64 and ia64, but do they have 8-byte size_t? I doubt >> this is a reasonable way forward... > > On OpenBSD, all 64-bit hardware platforms have an 8-byte size_t. > I just checked NetBSD/alpha, and it's the same there. I don't > know about Linux or any other systems. Now, the testsuite does > pass on two of those, OpenBSD/amd64 and OpenBSD/alpha, but fails > on OpenBSD/sparc64. If they have 8-byte size_t, there are probably hidden problems, like those in your patch. > If supported means compiles and runs, then I guess things are > ok. Often, when some error like this is found on OpenBSD, it's > because one of the memory protection features caught it. Since > sparc64 is the only 64-bit platform that actually produced > incorrect results, I'm thinking about what's unique there: 1) > strict alignment and 2) StackGhost. It's a bit over my head to > say for sure, but I'd be happy to perform any tests you might > want to try. I think that if GNU/Linux on amd64 or ia64 have size_t==8, then we cannot use this escape-route, we'll have to solve this properly. I think GnuTLS is used a lot on many amd64/ia64 systems. This approach was probably just wishful thinking, we need to solve this properly. The question is how. /Simon From simon at josefsson.org Wed Mar 21 18:03:20 2007 From: simon at josefsson.org (Simon Josefsson) Date: Wed, 21 Mar 2007 18:03:20 +0100 Subject: [gnutls-dev] size_t, int and 64 bit machines In-Reply-To: (Deanna Phillips's message of "Wed\, 21 Mar 2007 03\:22\:12 +0000") References: Message-ID: <871wjipm07.fsf@mocca.josefsson.org> Deanna Phillips writes: > diff -urp gnutls-1.6.1.orig/doc/examples/ex-crq.c gnutls-1.6.1/doc/examples/ex-crq.c I installed some of your patches, but several of them were changes to public APIs (also for libtasn1) or consequences of those changes, and we should discuss that separately. If I missed some other change, please send an updated patch. /Simon From ametzler at downhill.at.eu.org Wed Mar 21 19:00:28 2007 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Wed, 21 Mar 2007 19:00:28 +0100 Subject: [gnutls-dev] size_t, int and 64 bit machines In-Reply-To: <87648upmeu.fsf@mocca.josefsson.org> References: <878xdqr9um.fsf@mocca.josefsson.org> <87648upmeu.fsf@mocca.josefsson.org> Message-ID: <20070321180028.GA3778@downhill.g.la> On 2007-03-21 Simon Josefsson wrote: [...] > I think that if GNU/Linux on amd64 or ia64 have size_t==8, then we > cannot use this escape-route, we'll have to solve this properly. I > think GnuTLS is used a lot on many amd64/ia64 systems. [...] Afaict from the respective build logs http://buildd.debian.org/fetch.cgi?&pkg=gnutls13&ver=1.4.4-3&arch=ia64&stamp=1163258965&file=log and http://buildd.debian.org/fetch.cgi?&pkg=gnutls13&ver=1.4.4-3&arch=amd64&stamp=1163258660&file=log neither ia64 nor amd64 has a size_t==8; both logs contain: checking for bit size of size_t... 64 cu andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' From wk at gnupg.org Wed Mar 21 19:15:53 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 21 Mar 2007 19:15:53 +0100 Subject: [gnutls-dev] size_t, int and 64 bit machines In-Reply-To: <87648upmeu.fsf@mocca.josefsson.org> (Simon Josefsson's message of "Wed\, 21 Mar 2007 17\:54\:33 +0100") References: <878xdqr9um.fsf@mocca.josefsson.org> <87648upmeu.fsf@mocca.josefsson.org> Message-ID: <87lkhqqx7q.fsf@wheatstone.g10code.de> On Wed, 21 Mar 2007 17:54, simon at josefsson.org said: > I think that if GNU/Linux on amd64 or ia64 have size_t==8, then we > cannot use this escape-route, we'll have to solve this properly. I > think GnuTLS is used a lot on many amd64/ia64 systems. That is correct. Almost all systems use 64 bit for size_t; without that the 64 bit stuff does not make sense for some applications. I am not sure about 64 bit Windows - here size_t might still be 32 bit. They do this, as well as having long still at 32 bit, for backward compatibility reasons. I found this article @article{1165766, author = {John R. Mashey}, title = {The long road to 64 bits}, journal = {Queue}, volume = {4}, number = {8}, year = {2006}, issn = {1542-7730}, pages = {24--35}, doi = {http://doi.acm.org/10.1145/1165754.1165766}, publisher = {ACM Press}, address = {New York, NY, USA}, } from ACMQueue quite interesting (ACM DL account required). Salam-Shalom, Werner From simon at josefsson.org Thu Mar 22 09:11:54 2007 From: simon at josefsson.org (Simon Josefsson) Date: Thu, 22 Mar 2007 09:11:54 +0100 Subject: [gnutls-dev] size_t, int and 64 bit machines In-Reply-To: <20070321180028.GA3778@downhill.g.la> (Andreas Metzler's message of "Wed\, 21 Mar 2007 19\:00\:28 +0100") References: <878xdqr9um.fsf@mocca.josefsson.org> <87648upmeu.fsf@mocca.josefsson.org> <20070321180028.GA3778@downhill.g.la> Message-ID: <87vegtn1dh.fsf@mocca.josefsson.org> Andreas Metzler writes: > On 2007-03-21 Simon Josefsson wrote: > [...] >> I think that if GNU/Linux on amd64 or ia64 have size_t==8, then we >> cannot use this escape-route, we'll have to solve this properly. I >> think GnuTLS is used a lot on many amd64/ia64 systems. > [...] > > Afaict from the respective build logs > http://buildd.debian.org/fetch.cgi?&pkg=gnutls13&ver=1.4.4-3&arch=ia64&stamp=1163258965&file=log > and > http://buildd.debian.org/fetch.cgi?&pkg=gnutls13&ver=1.4.4-3&arch=amd64&stamp=1163258660&file=log > neither ia64 nor amd64 has a size_t==8; both logs contain: > > checking for bit size of size_t... 64 Thanks for the logs. I make that 64/8=8 which means they do have size_t==8. Thus, I guess we can't just make the switch without breaking the API/ABI on some systems. More thinking necessary... /Simon From fweimer at bfk.de Thu Mar 22 12:01:51 2007 From: fweimer at bfk.de (Florian Weimer) Date: Thu, 22 Mar 2007 12:01:51 +0100 Subject: [gnutls-dev] size_t, int and 64 bit machines In-Reply-To: (Deanna Phillips's message of "Wed, 21 Mar 2007 15:57:25 +0000") References: <878xdqr9um.fsf@mocca.josefsson.org> Message-ID: <821wjhilsw.fsf@mid.bfk.de> * Deanna Phillips: > On OpenBSD, all 64-bit hardware platforms have an 8-byte size_t. > I just checked NetBSD/alpha, and it's the same there. I don't > know about Linux or any other systems. Now, the testsuite does > pass on two of those, OpenBSD/amd64 and OpenBSD/alpha, but fails > on OpenBSD/sparc64. This means it's likely an endian issue. -- Florian Weimer BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstra?e 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 From pvalchev at openbsd.org Sun Mar 25 01:20:13 2007 From: pvalchev at openbsd.org (Peter Valchev) Date: Sun, 25 Mar 2007 00:20:13 +0000 (UTC) Subject: [gnutls-dev] =?utf-8?q?size=5Ft=2C_int_and_64_bit_machines?= References: <878xdqr9um.fsf@mocca.josefsson.org> Message-ID: Simon Josefsson josefsson.org> writes: > Deanna Phillips sdf.lonestar.org> writes: > > gnutls_x509.c:1897: warning: passing arg 2 of `read_binary_file' from incompatible pointer type > > > > The simple fix for that particular test was - > > > > typedef struct > > { > > unsigned char *data; > > - unsigned int size; > > + size_t size; > > } gnutls_datum_t; > > I am aware of this one, but the problem is: it is part of gnutls.h and > thus part of the external API. This is really problematic to change, > since it won't be backwards compatible. > > However, can we get away by considering that GnuTLS doesn't work at > all on platforms with 8-byte size_t and just make the change? We have > already some supported 64-bit platforms, e.g. amd64 and ia64, but do > they have 8-byte size_t? I doubt this is a reasonable way forward... > > Another alternative is to create a new type 'gnutls_buffer_t' with the > proper types, and create new APIs for all existing APIs that use the > type. Which is rather difficult. > > A further alternative is to combine the last solution with library > versioning, to avoid renaming functions, although this is not very > portable as far as I know (?). I'm afraid this is a real problem you need to solve. Mixing int vs long vs size_t is bad news because they have different sizes on 64-bit architectures (including on linux), so you *need to be consistent*. Think of all the problems that can arouse when you mix 2 types of different sizes. Either use int everywhere (do not mix in long and size_t, replace those with the proper types instead) or look at Deanna's diff which uses size_t consistently throughout and changes the API. However you don't *need* to change the API if you fix all usages to match it and be consistent (from a very quick look, most of your interfaces already use size_t, so...) Again, as it is, your API uses unsigned int for that function, but you have used size_t in places - BAD! If you change the API, you just bump the shared library's major number (for example from libgnutls.so.15.20 -> libgnutls.so.16.20). Old applications continue to work (your backwards compatibility concern does not exist), and new programs link with the new library, I'm not sure what you mean about this "not being portable", that's what shared libraries are for. Recall the simple shared library rules: When you change the interface -> bump major When you add an interface (eg a new function) -> bump major From simon at josefsson.org Sun Mar 25 07:09:15 2007 From: simon at josefsson.org (Simon Josefsson) Date: Sun, 25 Mar 2007 07:09:15 +0200 Subject: [gnutls-dev] size_t, int and 64 bit machines In-Reply-To: (Peter Valchev's message of "Sun\, 25 Mar 2007 00\:20\:13 +0000 \(UTC\)") References: <878xdqr9um.fsf@mocca.josefsson.org> Message-ID: <87lkhllxj8.fsf@mocca.josefsson.org> Peter Valchev writes: > Simon Josefsson josefsson.org> writes: >> Deanna Phillips sdf.lonestar.org> writes: >> > gnutls_x509.c:1897: warning: passing arg 2 of `read_binary_file' from > incompatible pointer type >> > >> > The simple fix for that particular test was - >> > >> > typedef struct >> > { >> > unsigned char *data; >> > - unsigned int size; >> > + size_t size; >> > } gnutls_datum_t; >> >> I am aware of this one, but the problem is: it is part of gnutls.h and >> thus part of the external API. This is really problematic to change, >> since it won't be backwards compatible. >> >> However, can we get away by considering that GnuTLS doesn't work at >> all on platforms with 8-byte size_t and just make the change? We have >> already some supported 64-bit platforms, e.g. amd64 and ia64, but do >> they have 8-byte size_t? I doubt this is a reasonable way forward... >> >> Another alternative is to create a new type 'gnutls_buffer_t' with the >> proper types, and create new APIs for all existing APIs that use the >> type. Which is rather difficult. >> >> A further alternative is to combine the last solution with library >> versioning, to avoid renaming functions, although this is not very >> portable as far as I know (?). > > I'm afraid this is a real problem you need to solve. Mixing int vs long > vs size_t is bad news because they have different sizes on 64-bit > architectures (including on linux), so you *need to be consistent*. > Think of all the problems that can arouse when you mix 2 types of > different sizes. Either use int everywhere (do not mix in long and > size_t, replace those with the proper types instead) or look at Deanna's > diff which uses size_t consistently throughout and changes the API. Yup, I know. The problem isn't realizing that it has to be fixed, but how to fix it in a good way... > However you don't *need* to change the API if you fix all usages > to match it and be consistent (from a very quick look, most of your > interfaces already use size_t, so...) ...right, and that is the solution I have taken so far. It is simply not worth breaking the API to change 'int' to 'size_t' in some places (e.g., 'gnutls_datum_t'). > Again, as it is, your API uses unsigned int for that function, but > you have used size_t in places - BAD! Yup, I installed patches for some of those. If there are more of them, please send updated patches! > If you change the API, you just bump the shared library's major number > (for example from libgnutls.so.15.20 -> libgnutls.so.16.20). Old > applications continue to work (your backwards compatibility concern does > not exist), and new programs link with the new library, I'm not sure > what you mean about this "not being portable", that's what shared > libraries are for. > > Recall the simple shared library rules: > When you change the interface -> bump major > When you add an interface (eg a new function) -> bump major The problem is source-level backwards compatibility and existing code out there that use GnuTLS or libtasn1. They may have code like, e.g.: int len; ... asn1_der_coding (element, name, ider, &len, NULL); If I would have installed Deanna's entire patch, that public API function of libtasn1 would have changed it's prototype from 'int len' to 'size_t len'. Now if 'int' is 4 bytes and 'size_t' is 8 bytes, you can imagine the problems caused.... /Simon From simon at josefsson.org Sun Mar 25 07:20:37 2007 From: simon at josefsson.org (Simon Josefsson) Date: Sun, 25 Mar 2007 07:20:37 +0200 Subject: [gnutls-dev] GnuTLS and Google Summer of Code 2007 In-Reply-To: <87irdgp2e1.fsf@latte.josefsson.org> (Simon Josefsson's message of "Mon\, 05 Mar 2007 08\:37\:10 +0100") References: <87irdgp2e1.fsf@latte.josefsson.org> Message-ID: <874po9lx0a.fsf@mocca.josefsson.org> Hi! The deadline for student applications for the Google Summer of Code is tomorrow. So if you have an GnuTLS idea that you want to implement, and want to get paid for it, now would be a good time to write and send in proposals... Note that you don't have to pick one of the projects below, they are just ideas. Explain your idea well and the GNU mentors will review it. /Simon Simon Josefsson writes: > Hi! GnuTLS will try to participate in the Google Summer of Code, see: > > http://www.gnu.org/software/soc-projects/guidelines.html > http://code.google.com/soc/ > > Right now we are collecting ideas for projects, the ideas from 2006 > are : > > 1. Datagram TLS support. RFC 4347 describe a UDP version of TLS. > > 2. Support for the elliptic curves ciphersuites as an alternative > authentication method. > > comment: I think I saw some patches for libgcrypt about this > quite recently, which could be a basis for this work. > > 3. Redesign and rewrite libtasn1 (asn.1 parser library). The new > implementation must be efficient and easy to extend with new > types and encoding rules (say BER and DER). > > 4. Write a crypto backend to perform (symmetric and assymetric > de/encryption, hash and MAC, key generation, random number > generation). It should be able to utilize libgcrypt and other > free libraries, such as libtomcrypt, and should be extendable > for hardware drivers. > > I can immediately add some ideas: > > 5. Work on integrating support for some of the newer TLS > extensions, which can include better TLS 1.2 support. > > 6. Integrate the NIST X.509 self-tests and make sure we pass them. > This could be an important step for FIPS certification of > GnuTLS. > > 7. OpenPGP related improvements? > > I'd appreciate suggestions for other ideas that might attract good > people. > > If you want to propose something and work on it as a student, let me > know. > > /Simon From ametzler at downhill.at.eu.org Sun Mar 25 15:07:27 2007 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Sun, 25 Mar 2007 15:07:27 +0200 Subject: [gnutls-dev] size_t, int and 64 bit machines In-Reply-To: References: <878xdqr9um.fsf@mocca.josefsson.org> Message-ID: <20070325130726.GA3723@downhill.g.la> On 2007-03-25 Peter Valchev wrote: [...] > Recall the simple shared library rules: > When you change the interface -> bump major > When you add an interface (eg a new function) -> bump major Actually there is no reason to bump major if a interface is just added. (If you use libtool and imlement versioning as documented in the libtool manual you'll end up with bumping minor when just adding a new symbol.) cu andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'